[Samba] Re: Group Policy for Win2k/XP
The thing that I have been having great difficulty understanding, and this could be because of lack of Windows knowledge but bear with me, is how you can have DIFFERENT policy files based on... well, anything. Shouldn't it be possible to add some macros like %m to the path = parameter in [netlogon] stanza? I haven't used the trick myself, but it sounds like this is what you really want: [netlogon] path = /local/%m/netlogon write list = root browseable = No I know group support is limited... how about even based on NetBIOS name as I can easily get that from %m at least. I know, for example, the profile of a Win2k machine will be located in \\SERVER\NETLOGON\Default Profile, but what if I want to have one for lab PC's and one for Office PC's, and for some remote sites, none at all, just authentication? I know how to implement policies per user, too, but I don't want to have to login as the Now that you mention it, can you share some of your experiences? Which tool do you use? What is your typical set of rules? This is one area where I'm still having problems. When a PC is added to a samba domain DOM I can see that the local Administrators group gets a new member DOM\Administrators and the Local Users group gets DOM\Users. Everyone who can authenticat himself as a DOM\User can use the PC. However, there is very little they can do with their own environment. They can't change the Wallpaper, they can't change Explorer properties, the mounted shares are not carried forward to a new session etc. Even if I add DOM\Users to the group of local Power Users, no further privileges can be seen. So how do you set up such things with the group policies? user, set the policy and then save the policy and log out. How can I apply a policy to a user based on some arbitrary information? Is the logon script early enough to do some work behind the scenes to smylink the proper files into the right place, or... am I totally off track here? I'm sure this is something everyone does, but I can't for the life of me figure out the way to make this stuff apply to different users differently. If privileges are right, you can do much with the logon script (which is in [netlogon]). If you configure the path to be dependent upon both %m and %u then you can use links to set up any combination of machines getting their own profiles and users getting their profiles too. Get advanced SPAM filtering on Webmail or POP Mail ... Get Lycos Mail! http://login.mail.lycos.com/r/referral?aid=27005 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
[Samba] Re: Group Policy for Win2k/XP
What server are you using for your users to log in? Is it samba or win2000? If it is samba then take a look at samba howto head 3 at samba.org . It is telling you there how to change registry for machines to set diferent path for profile and policy updates. If you are using win2000 server just install active directory and look at Microsoft.com for info how to deploy security and policy settings in Active Directory. I have not done this in a long time. That is all I can tell you for now. regards, Admir Ryan Novosielski [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Sorry to re-send, but I think this may have gotten missed last time, possibly because of the inaccurate subject line. Can someone throw me a bone here? I am very lost as far as this one part of the administration goes. Thanks for any help you can provide! The thing that I have been having great difficulty understanding, and this could be because of lack of Windows knowledge but bear with me, is how you can have DIFFERENT policy files based on... well, anything. I know group support is limited... how about even based on NetBIOS name as I can easily get that from %m at least. I know, for example, the profile of a Win2k machine will be located in \\SERVER\NETLOGON\Default Profile, but what if I want to have one for lab PC's and one for Office PC's, and for some remote sites, none at all, just authentication? I know how to implement policies per user, too, but I don't want to have to login as the user, set the policy and then save the policy and log out. How can I apply a policy to a user based on some arbitrary information? Is the logon script early enough to do some work behind the scenes to smylink the proper files into the right place, or... am I totally off track here? I'm sure this is something everyone does, but I can't for the life of me figure out the way to make this stuff apply to different users differently. PS: This information would be EXCEEDINGLY helpful to have in the HOWTO. The Oreilly book covers it a little, but... not that much either. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Group Policy for Win2k/XP
I am logging into a Samba server on an HP9000. I read the HOWTO that John has been recommended (chapter 18) multiple times, but I think pieces are missing in the explanation for this stuff, unless I'm just inept. ;) _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Thu, 26 Jun 2003, admir wrote: What server are you using for your users to log in? Is it samba or win2000? If it is samba then take a look at samba howto head 3 at samba.org . It is telling you there how to change registry for machines to set diferent path for profile and policy updates. If you are using win2000 server just install active directory and look at Microsoft.com for info how to deploy security and policy settings in Active Directory. I have not done this in a long time. That is all I can tell you for now. regards, Admir Ryan Novosielski [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Sorry to re-send, but I think this may have gotten missed last time, possibly because of the inaccurate subject line. Can someone throw me a bone here? I am very lost as far as this one part of the administration goes. Thanks for any help you can provide! The thing that I have been having great difficulty understanding, and this could be because of lack of Windows knowledge but bear with me, is how you can have DIFFERENT policy files based on... well, anything. I know group support is limited... how about even based on NetBIOS name as I can easily get that from %m at least. I know, for example, the profile of a Win2k machine will be located in \\SERVER\NETLOGON\Default Profile, but what if I want to have one for lab PC's and one for Office PC's, and for some remote sites, none at all, just authentication? I know how to implement policies per user, too, but I don't want to have to login as the user, set the policy and then save the policy and log out. How can I apply a policy to a user based on some arbitrary information? Is the logon script early enough to do some work behind the scenes to smylink the proper files into the right place, or... am I totally off track here? I'm sure this is something everyone does, but I can't for the life of me figure out the way to make this stuff apply to different users differently. PS: This information would be EXCEEDINGLY helpful to have in the HOWTO. The Oreilly book covers it a little, but... not that much either. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba
Re: [Samba] Re: Group Policy for Win2k/XP
OK, lets go tru your question again. Yo want to have a profile for to diferent machines. One for lab and one for office? Is the same user going to be loging in on both machines? If that is so then I sugest you don,t use profiles but use system policy. To do that you realy need poledit program from win NT 4 SERVER! cd-rom. If I am not right, Can you explain to me the exact situation and why you need multiple profiles for diferent users. I also know that wehen you are using roaming profiles on diferent machines you get some msg's like there is no program found for shourtcut's. That kind of staf. You have to tell me exectly why you want this? Regards, Admir - Original Message - From: Ryan Novosielski [EMAIL PROTECTED] To: admir [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Thursday, June 26, 2003 8:04 PM Subject: Re: [Samba] Re: Group Policy for Win2k/XP I am logging into a Samba server on an HP9000. I read the HOWTO that John has been recommended (chapter 18) multiple times, but I think pieces are missing in the explanation for this stuff, unless I'm just inept. ;) _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 On Thu, 26 Jun 2003, admir wrote: What server are you using for your users to log in? Is it samba or win2000? If it is samba then take a look at samba howto head 3 at samba.org . It is telling you there how to change registry for machines to set diferent path for profile and policy updates. If you are using win2000 server just install active directory and look at Microsoft.com for info how to deploy security and policy settings in Active Directory. I have not done this in a long time. That is all I can tell you for now. regards, Admir Ryan Novosielski [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Sorry to re-send, but I think this may have gotten missed last time, possibly because of the inaccurate subject line. Can someone throw me a bone here? I am very lost as far as this one part of the administration goes. Thanks for any help you can provide! The thing that I have been having great difficulty understanding, and this could be because of lack of Windows knowledge but bear with me, is how you can have DIFFERENT policy files based on... well, anything. I know group support is limited... how about even based on NetBIOS name as I can easily get that from %m at least. I know, for example, the profile of a Win2k machine will be located in \\SERVER\NETLOGON\Default Profile, but what if I want to have one for lab PC's and one for Office PC's, and for some remote sites, none at all, just authentication? I know how to implement policies per user, too, but I don't want to have to login as the user, set the policy and then save the policy and log out. How can I apply a policy to a user based on some arbitrary information? Is the logon script early enough to do some work behind the scenes to smylink the proper files into the right place, or... am I totally off track here? I'm sure this is something everyone does, but I can't for the life of me figure out the way to make this stuff apply to different users differently. PS: This information would be EXCEEDINGLY helpful to have in the HOWTO. The Oreilly book covers it a little, but... not that much either. _ _ _ _ ___ _ _ _ |Y#| | | |\/| | \ |\ | | | Ryan Novosielski - Jr. UNIX Systems Admin |$| |__| | | |__/ | \| _| | [EMAIL PROTECTED] - 973/972.0922 (2-0922) \__/ Univ. of Med. and Dent. | IST/ACS - NJMS Medical Science Bldg - C630 -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba -- To unsubscribe from this list go to the following URL and read the instructions: http://lists.samba.org/mailman/listinfo/samba